
Bruce Schneier reports <https://www.schneier.com/blog/archives/2020/07/nsa_on_securing.html> on an advisory from the US National Security Agency on how to secure your VPN setup. The document is available in a 10-page or 2-page version. The tips can be summarized as:

* Reduce the VPN gateway attack surface
* Verify only CNSSP-15-compliant algorithms are in use
* Avoid using default settings
* Remove unused or non-compliant cryptography suites
* Apply vendor-provided updates

The one about not using default settings I found interesting, the explanation given being that “many vendors provide default configurations, automated configuration scripts, or graphical user interface wizards to aid in the deployment of VPNs”, but that these tools/defaults may prioritize ease of setup over security, and therefore enable extra options that should not be enabled. The longer version gives detailed configuration examples.
participants (1)
-
Lawrence D'Oliveiro
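
As an added illustration of the "avoid default settings" and "remove non-compliant suites" tips (not part of the original post and not taken from the NSA document), the following sketch audits a strongSwan-style `ipsec.conf` for connections that rely on daemon defaults or offer algorithms outside an allowlist. The allowlist, the `audit` helper and the sample configuration are assumptions made for the example; check the allowlist against the current CNSSP-15 text before relying on it.

```python
import re

# Assumption: tokens treated as CNSSP-15 (CNSA suite) compliant in this example:
# AES-256, SHA-384, ECDH P-384, or finite-field DH of 3072 bits and above.
ALLOWED = {"aes256", "sha384", "ecp384",
           "modp3072", "modp4096", "modp6144", "modp8192"}

# Constructed sample in strongSwan ipsec.conf style (hypothetical connections).
SAMPLE_CONF = """\
conn site-a
    ike=aes256-sha384-ecp384!
    esp=aes256-sha384-ecp384!
conn wizard-generated
    ike=aes256-sha384-ecp384,aes128-sha1-modp1024
    esp=3des-md5
conn untouched-defaults
    left=%any
"""

def audit(conf_text):
    """Return {conn_name: [findings]} for each conn with at least one finding."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    report = {}
    for name, opts in conns.items():
        findings = []
        for key in ("ike", "esp"):
            if key not in opts:                       # nothing configured at all
                findings.append(f"{key}: not set, daemon defaults apply")
                continue
            if not opts[key].endswith("!"):           # '!' restricts to the listed proposals
                findings.append(f"{key}: no trailing '!', default proposals are added")
            for proposal in opts[key].rstrip("!").split(","):
                bad = [t for t in proposal.strip().split("-") if t not in ALLOWED]
                if bad:
                    findings.append(f"{key}: {proposal.strip()} uses {', '.join(bad)}")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for conn, findings in audit(SAMPLE_CONF).items():
        print(conn, *findings, sep="\n  ")
```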